FreeTube/_scripts/injectAllowedPaths.mjs

51 lines
1.7 KiB
JavaScript

/**
* Injects the paths that the renderer process is allowed to read into the main.js file,
* by replacing __FREETUBE_ALLOWED_PATHS__ with an array of strings with the paths.
*
* This allows the main process to validate the paths which the renderer process accesses,
* to ensure that it cannot access other files on the disk, without the users permission (e.g. file picker).
*/
import { closeSync, ftruncateSync, openSync, readFileSync, readdirSync, writeSync } from 'fs'
import { dirname, join, relative, resolve } from 'path'
import { fileURLToPath } from 'url'
const __dirname = dirname(fileURLToPath(import.meta.url));
const distDirectory = resolve(__dirname, '..', 'dist')
const webDirectory = join(distDirectory, 'web')
const paths = readdirSync(distDirectory, {
recursive: true,
withFileTypes: true
})
.filter(dirent => {
// only include files not directories
return dirent.isFile() &&
// disallow the renderer process/browser windows to read the main.js file
dirent.name !== 'main.js' &&
dirent.name !== 'main.js.LICENSE.txt' &&
// filter out any web build files, in case the dist directory contains a web build
!dirent.path.startsWith(webDirectory);
})
.map(dirent => {
const joined = join(dirent.path, dirent.name)
return '/' + relative(distDirectory, joined).replaceAll('\\', '/')
})
let fileHandle
try {
fileHandle = openSync(join(distDirectory, 'main.js'), 'r+')
let contents = readFileSync(fileHandle, 'utf-8')
contents = contents.replace('__FREETUBE_ALLOWED_PATHS__', JSON.stringify(paths))
ftruncateSync(fileHandle)
writeSync(fileHandle, contents, 0, 'utf-8')
} finally {
if (typeof fileHandle !== 'undefined') {
closeSync(fileHandle)
}
}